Focus on capacity building ,Deccan Herald, 25 Dec 2016

With an unprecedented surge in the use of information technology for communications, storing data and conducting financial transactions, cybersecurity has become a crucial challenge to one and all, including individuals, corporate entities and government bodies.

According to the National Crime Records Bureau data, in the last three years, registered cases of cybercrime increased by 350%, from 966 to 4,356. As per a Norton Cybercrime in India report released last year, around 113 million Indians lost about Rs 16,558 on an average to cybercrime, apart from emotional distress due to breach of private financial data. The recent incidents of hacking Twitter accounts of Congress leader Rahul Gandhi and some journalists created a strong turbulence in domain of cybersecurity. The spike in such incidents highlights the dire need of training more professionals skilled to handle cybersecurity to prevent and combat cybercrimes.

Though more number of cases of cybercrime are being reported, tracing the cybercriminal is often a challenge to the law enforcement agencies, particularly the police. Special cyberpolice stations are being set up in states, and deployment of added infrastructure and tools is underway, yet police officers require frequent and regular training in cyberlaw to effectively investigate cases.

Similarly, the country needs more cybersecurity professionals to assist in securing the cyberspace and making online communications, e-payments and data storage more secure. According to Section 43A of the Information Technology Act, everyone handling sensitive personal information ought to comply with reasonable security practices to safeguard the personal data, which is fulfilled, for instance, by complying with ISO 27001 certification. Cybersecurity professionals play an important role here in safeguarding data and preventing hacking or other attempts of data breach. If a cyberattack has occurred, cybersecurity professionals assist in incident response and mitigating the risk and effects of the incident, and tracing the criminal. They assist in collection of digital evidence in a legally admissible manner, which is crucial to every cybercrime investigation and prosecution.

A million needed
India’s cybersecurity policy, 2013, aptly notes that besides the impact on corporate environment or compromise of an individuals’ privacy or data, it could involve large-scale attacks on critical information systems and related critical infrastructure.
It further points out that “identification, coordinated exchange, investigation, coordinated response and remediation can mitigate the damage caused by malicious cyberspace activity”. The policy envisages creation of 5 lakh cybersecurity professionals. In fact, Nasscom estimates that India will need a million cybersecurity professionals by 2020. There are structured courses available in India that impart such skills. However, as technology changes at a fast pace, these courses need to be regularly updated and structured to cover different skill sets and aspects of cybersecurity.

Courses of this nature are being offered by reputed institutions such as IGNOU and the National Law School etc. In my view, capacity building and training of cybersecurity professionals is the key to achieving the mission envisaged in the policy which aims to prevent and respond to cybersecurity incidents, reducing loopholes, mitigating damage through institutional structure, people, technology and processes. In fact, the policy encourages public-private partnerships in the domain of imparting training and capacity building. It lays equal stress on establishing institutional mechanisms for capacity building for law enforcement agencies.
In order to strengthen India’s cybersecurity, it is equally important to make people more “cyberaware”, and impart knowledge about online safety practices to prevent unsuspecting people from falling victims of phishing, vishing or smishing attacks. Cybercriminals often use sophisticated tools to hide their true identity and location by concealing their IP address and use malware such as keyloggers to extract personal sensitive financial information from gullible people. As India witnesses a paradigm shift in digitisation and increased use of e-payment systems, it is imperative to impart basic cybersafety tips to people. It’s time Digital India works out a clear strategic action plan to increase capacity building in cybersecurity to make India cybersecure.

(The writer is a leading cyberlaw expert and advocate, Supreme court; and Visiting Faculty (CBI), the National Police Academy and the National Judicial Academy)